CVE-2019-0325
First published: Wed Jul 10 2019(Updated: )
SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions, the user that once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP ERP | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-0325?
CVE-2019-0325 has been classified as a medium severity vulnerability due to its potential to expose sensitive payroll data.
How do I fix CVE-2019-0325?
To fix CVE-2019-0325, ensure that proper authorization checks are implemented for accessing payroll data and review user access levels accordingly.
What types of systems are affected by CVE-2019-0325?
CVE-2019-0325 specifically affects SAP ERP HCM version 3.0 that handles payroll data.
Who can exploit CVE-2019-0325?
An attacker with previous access to payroll data in SAP ERP HCM may exploit CVE-2019-0325 to gain unauthorized access after their permissions have been revoked.
What impact does CVE-2019-0325 have on data security?
CVE-2019-0325 can lead to unauthorized access to sensitive employee payroll information, risking data privacy and compliance.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap erp
- version/sap erp/3.0